Add permissions to the login api

mattbasta · May 2, 2013 · fbfb205 · andymckay · May 2, 2013 · mattbasta
1 parent bf8a15a
commit fbfb205
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 0 deletions.
diff --git a/docs/api/topics/authentication.rst b/docs/api/topics/authentication.rst
@@ -38,6 +38,9 @@ stored as a cookie.
         sent with authorized requests as a query string parameter named
         ``_user``.
     :param settings: user account settings.
+    :param permissions: permissions and properties for the user account. It
+        contains boolean values which describe whether the user has the
+        permission described by the key of the field.
 
     Example:
 
@@ -50,6 +53,13 @@ stored as a cookie.
                 "display_name": "fred foobar",
                 "email": "ffoob@example.com",
                 "region": "appistan"
+            },
+            "permissions": {
+                "reviewer": false,
+                "admin": false,
+                "localizer": false,
+                "lookup": true,
+                "developer": true
             }
         }
 

diff --git a/mkt/account/api.py b/mkt/account/api.py
@@ -10,6 +10,7 @@
 from tastypie.exceptions import ImmediateHttpResponse
 from tastypie.throttle import CacheThrottle
 
+from access import acl
 from amo.utils import send_mail_jinja
 from mkt.api.authentication import (OAuthAuthentication,
                                     OptionalOAuthAuthentication,
@@ -104,6 +105,15 @@ def post_list(self, request, **kwargs):
                     'display_name': (UserProfile.objects
                                      .get(user=request.user).display_name),
                     'email': request.user.email,
+                },
+                'permissions': {
+                    'reviewer': acl.check_reviewer(request),
+                    'admin': acl.action_allowed(request, 'Admin', '%'),
+                    'localizer': acl.action_allowed(
+                        request, 'Localizers', '%'),
+                    'lookup': acl.action_allowed(
+                        request, 'AccountLookup', '%'),
+                    'developer': request.amo_user.is_app_developer,
                 }
             })
         return res

diff --git a/mkt/account/tests/test_api.py b/mkt/account/tests/test_api.py
@@ -154,6 +154,11 @@ def test_login_success(self, http_request):
             'cvan@mozilla.com,95c9063d9f249aacfe5697fc83192ed6480c01463e2a80b3'
             '5af5ecaef11754700f4be33818d0e83a0cfc2cab365d60ba53b3c2b9f8f6589d1'
             'c43e9bbb876eef0,000000')
+        assert 'permissions' in res.content
+        assert all(x in res.content['permissions'] for x in
+                   ['reviewer', 'admin', 'localizer', 'lookup', 'developer'])
+        assert all(isinstance(x, bool) for x in
+                   res.content['permissions'].values())
 
     @patch('requests.post')
     def test_login_failure(self, http_request):